New cybersecurity and technology-related regulations are reshaping how retailers manage their cybersecurity governance and risk management activities. In light of these changes, the National Retail Federation’s (NRF) Center for Digital Risk & Innovation (CDRI) collaborated with PwC to hold retail practitioner workshops in Dallas and Washington, D.C., in the fall of 2024 to better understand retailers’ concerns about new policies and regulations, gain insights into how retailers are addressing and complying with them, and document industry-leading practices and future strategies.
This report highlights key findings from the discussion at these two workshops. All findings and observations below are anonymized but reflect input and dialogue from senior-level cybersecurity, technology, and legal leaders at national U.S.-based retail companies, representing a variety of subsectors.